github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 05:21:58 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #122975 from aramase/aramase/c/cleanup_authn_validation

Browse Source 
cleanup structured authn/authz error logic
This commit is contained in:
Kubernetes Prow Robot 2024-03-01 16:59:47 -08:00 committed by GitHub
commit 4e8674f4e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
staging/src/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
View File

@ -412,7 +412,7 @@ func validateUserValidationRules(compiler authenticationcel.Compiler, celMapper
func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileClaimsExpression(expression)
if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err)
return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
}
return &compilationResult, nil
}
@ -420,7 +420,7 @@ func compileClaimsCELExpression(compiler authenticationcel.Compiler, expression
func compileUserCELExpression(compiler authenticationcel.Compiler, expression authenticationcel.ExpressionAccessor, fldPath *field.Path) (*authenticationcel.CompilationResult, *field.Error) {
compilationResult, err := compiler.CompileUserExpression(expression)
if err != nil {
return nil, convertCELErrorToValidationError(fldPath, expression, err)
return nil, convertCELErrorToValidationError(fldPath, expression.GetExpression(), err)
}
return &compilationResult, nil
}
@ -609,19 +609,19 @@ func compileMatchConditionsExpression(fldPath *field.Path, compiler authorizatio
}
compilationResult, err := compiler.CompileCELExpression(authzExpression)
if err != nil {
return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression, err)
return compilationResult, convertCELErrorToValidationError(fldPath, authzExpression.GetExpression(), err)
}
return compilationResult, nil
}
func convertCELErrorToValidationError(fldPath *field.Path, expression authorizationcel.ExpressionAccessor, err error) *field.Error {
func convertCELErrorToValidationError(fldPath *field.Path, expression string, err error) *field.Error {
var celErr *cel.Error
if errors.As(err, &celErr) {
switch celErr.Type {
case cel.ErrorTypeRequired:
return field.Required(fldPath, celErr.Detail)
case cel.ErrorTypeInvalid:
return field.Invalid(fldPath, expression.GetExpression(), celErr.Detail)
return field.Invalid(fldPath, expression, celErr.Detail)
default:
return field.InternalError(fldPath, celErr)
}